During a third-party audit, it is determined that a member of the firewall team can request, approve, and
implement a new rule-set on the firewall. Which of the following will the audit team most l likely recommend
during the audit out brief?
A.
Discretionary access control for the firewall team
B.
Separation of duties policy for the firewall team
C.
Least privilege for the firewall team
D.
Mandatory access control for the firewall team